Russian IT worker jailed for participating in pro-Ukraine DDoS attacks

A Russian regional court sentenced an IT worker to three years imprisonment on Tuesday for joining pro-Ukraine DDoS attacks against Russian government websites.

Yevgeny Kotikov was found guilty of targeting the information resources of the Ministry of Defence as well as the website of the president, according to state-owned news agency TASS.

Russia’s Federal Security Service (FSB) said Kotikov had conducted his attacks in support of “the Kiev regime” at the start of the “special military operation” in February 2022, using the sanctioned terms for the Ukrainian government and what Western officials describe as Russia’s illegal invasion.

The FSB said Ukraine had organized the DDoS attacks that Kotikov participated in, and that it had confiscated the IT worker’s personal computer. The court in the city of Rostov-on-Don fined him 800,000 rubles, around $10,000, and sentenced him to a koloniya-poseleniye, or “colony-settlement.”

These institutions are typically for first-time offenders and are not the strict prisons reserved for serious criminals. TASS did not report which settlement Kotikov would be sent to.

Rostov-on-Don is a large city and one of Russia’s closest to Ukraine, just 100 kilometers from the border east of Mariupol.

In March, an explosion at the FSB’s building in the city killed at least one person and injured two others. The agency blamed an accidental fire in a workshop for the incident.

Oleg Shakirov, an independent Russian researcher, found the sentence harsh. “For instance in February a Russian national was sentenced under the same article for DDoS — but he got 3 years of suspended, not real sentence,” he told The Record.

“The conflict with Ukraine was apparently an important factor that contributed to the severity of the sentence. The authorities would like to deter Russians from helping the Ukrainian cause, including in cyberspace.”

The case follows officials in Russia blaming the United States and European Union for an increase in cyberattacks against Russian “information resources and infrastructure facilities [which] have increased significantly” since the beginning of its invasion of Ukraine.

Last June, the Ministry of Foreign Affairs spokesperson Alexander Krutskikh, said “more than 65,000 ‘armchair hackers’ from the United States, Turkey, Georgia, and EU countries regularly took part in coordinated DDoS attacks” against Russian targets.

“It is unclear to what extent Russian hackers are involved in attacks against Russia,” Shakirov said. “But for instance earlier this month Leonid Volkov of Alexey Navalny's Anti-Corruption Foundation said their volunteers from Russia participated in the DDoS, coordinated with the Ukrainian cyber army, that disrupted the broadcast of Putin's address to the Parliament.”

Kotikov’s sentence could be seen as a warning to Russians who saw participating in DDoS attacks as “an easy and painless way to confront the government,” Shakirov explained, but also said the targeting of a single individual “illustrates the limitations of what can be done to respond to the ever-present threat of DDoS campaigns.”

“There were no major reported takedowns of infrastructure that is used for DDoS attacks, nor are there known international efforts where Russia would seek assistance from other states whose digital resources might be exploited by attackers. Individuals that are involved in attacks are the lowest hanging fruit, so it is no wonder they would be punished severely.”